DevOps Deploy
by HCL Software
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-0255 | Hig | 0.47 | 7.2 | 0.01 | Mar 24, 2025 | HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements. | ||
| CVE-2025-0257 | Med | 0.41 | 6.3 | 0.00 | Apr 2, 2025 | HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service. | ||
| CVE-2024-23558 | Med | 0.41 | 6.3 | 0.00 | Apr 15, 2024 | HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | ||
| CVE-2024-23550 | Med | 0.40 | 6.2 | 0.00 | Feb 3, 2024 | HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent. | ||
| CVE-2025-62330 | Med | 0.38 | 5.9 | 0.00 | Dec 16, 2025 | HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related… | ||
| CVE-2025-0273 | Med | 0.36 | 5.5 | 0.00 | Mar 27, 2025 | HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user. | ||
| CVE-2025-0272 | Med | 0.35 | 5.4 | 0.00 | Apr 3, 2025 | HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | ||
| CVE-2025-62329 | Med | 0.33 | 5.0 | 0.00 | Dec 16, 2025 | HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions. | ||
| CVE-2025-62327 | Med | 0.32 | 4.9 | 0.00 | Jan 7, 2026 | In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries. | ||
| CVE-2024-23560 | Med | 0.29 | 4.4 | 0.00 | Apr 15, 2024 | HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. | ||
| CVE-2025-0256 | Med | 0.28 | 4.3 | 0.00 | Mar 24, 2025 | HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function. | ||
| CVE-2024-23561 | Med | 0.28 | 4.3 | 0.00 | Apr 15, 2024 | HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values. | ||
| CVE-2024-42195 | Low | 0.20 | 3.1 | 0.00 | Dec 5, 2024 | HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. |
- risk 0.47cvss 7.2epss 0.01
HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements.
- risk 0.41cvss 6.3epss 0.00
HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
- risk 0.41cvss 6.3epss 0.00
HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
- risk 0.40cvss 6.2epss 0.00
HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.
- risk 0.38cvss 5.9epss 0.00
HCL DevOps Deploy is susceptible to a cleartext transmission of sensitive information because the HTTP port remains accessible and does not redirect to HTTPS as intended. As a result, an attacker with network access could intercept or modify user credentials and session-related…
- risk 0.36cvss 5.5epss 0.00
HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user.
- risk 0.35cvss 5.4epss 0.00
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
- risk 0.33cvss 5.0epss 0.00
HCL DevOps Deploy / HCL Launch is susceptible to a race condition in http-session client-IP binding enforcement which may allow a session to be briefly reused from a new IP address before it is invalidated. This could lead to unauthorized access under certain network conditions.
- risk 0.32cvss 4.9epss 0.00
In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.
- risk 0.29cvss 4.4epss 0.00
HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type.
- risk 0.28cvss 4.3epss 0.00
HCL DevOps Deploy / HCL Launch could allow an authenticated user to obtain sensitive information about other users on the system due to missing authorization for a function.
- risk 0.28cvss 4.3epss 0.00
HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values.
- risk 0.20cvss 3.1epss 0.00
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.